[fw-wiz] Problem with Cisco Firewall Service Module running in transparent mode
From: greg padden (paddeng_at_biostat.wisc.edu)
To: email@example.com Date: Fri, 13 Aug 2004 07:39:08 -0700
I have attempting to get a Cisco Firewall Service Module (FWSM) running
software version 2.2(1) in transparent mode and multiple context mode.
Here is the problem that I am running into:
I have a bunch of vlans already routing on the MSFC2 blade, I want to
move each of these vlans behind their own "virtual" firewall (what cisco
calls a context). So, I first remove this vlan interface from the MSFC2
router, then I assign this vlan to the firewall module, assign a new
vlan to the firewall module which will become the new outside vlan, then
I session into the firewall module and allocate these two vlans to the
new context, I then go into the context and define the firewall rules.
Go back to the MSFC2 router and define the new "outside" vlan inteface
on the router.
After I have done this, "some" hosts on the inside vlan cannot connect
to "some" places on the Internet (or other places on the outside of the
FWSM). If I take a test pc and give it the same ip address of the
troubled machine I can confirm that they cannot ping, http, or IMAP to
some hosts, but if I take a different ip address on the same LAN I can
sucessfully connect to the same outside host (the firewall rules for
testing are permit ip any any outbound and inbound, so it is NOT the
I have troubleshot this with Cisco about 3 times now and they cannot
figure it out. After a reboot of the entire Catalyst 6500 everything
So here is my complete setup: Catalyst 6509 with dual supII's with duel
MSFC2 routers configured in SRM mode, the Cat is running hybrid IOS 7.6.7.
Has anybody else had trouble migrating VLANS from the MSFC2 to a virtual
transparent firewall on the FWSM? Or seen this behavior?
firewall-wizards mailing list